From 0c864613ab1d3a471e6aa12f8d9e0bcbabdb1e1a Mon Sep 17 00:00:00 2001
From: Zachary Winnerman <98712682+zwinnerman-fleetdm@users.noreply.github.com>
Date: Thu, 13 Jul 2023 20:43:20 -0400
Subject: [PATCH] Fix for sandbox vuln processing (#12763)

# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.
- [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
---
 .../deploy_terraform/fleet/templates/cronjobs.yaml | 4 ++--
 .../deploy_terraform/fleet/templates/deployment.yaml | 2 +-
 .../PreProvisioner/lambda/deploy_terraform/main.tf | 10 ++++++++++
 3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/fleet/templates/cronjobs.yaml b/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/fleet/templates/cronjobs.yaml
index fab39e3aee..f7992ac309 100644
--- a/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/fleet/templates/cronjobs.yaml
+++ b/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/fleet/templates/cronjobs.yaml
@@ -35,10 +35,10 @@ spec:
 resources:
 limits:
 cpu: {{ .Values.resources.limits.cpu }}
- memory: {{ .Values.resources.limits.memory }}
+ memory: "2Gi"
 requests:
 cpu: {{ .Values.resources.requests.cpu }}
- memory: {{ .Values.resources.requests.memory }}
+ memory: "2Gi"
 env:
 ## BEGIN FLEET SECTION
 - name: FLEET_SERVER_SANDBOX_ENABLED
diff --git a/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/fleet/templates/deployment.yaml b/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/fleet/templates/deployment.yaml
index f9bcd16ae6..137243dd06 100644
--- a/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/fleet/templates/deployment.yaml
+++ b/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/fleet/templates/deployment.yaml
@@ -62,7 +62,7 @@ spec:
 value: elasticapm
 - name: FLEET_LOGGING_TRACING_ENABLED
 value: "true"
- - name: FLEET_VULNERABILITIES_EXTERNAL_SCHEDULED
+ - name: FLEET_VULNERABILITIES_DISABLE_SCHEDULE
 value: "true"
 - name: FLEET_SESSION_DURATION
 value: "1y"
diff --git a/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/main.tf b/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/main.tf
index ed530ab360..4312cec4e3 100644
--- a/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/main.tf
+++ b/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/main.tf
@@ -212,6 +212,16 @@ resource "helm_release" "main" {
 name = "apm.token"
 value = var.apm_token
 }
+
+ set {
+ name = "resources.limits.memory"
+ value = "512Mi"
+ }
+
+ set {
+ name = "resources.requests.memory"
+ value = "512Mi"
+ }
 }
 data "aws_iam_policy_document" "main" {
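Review bot: The two `memory: "2Gi"` lines in cronjobs.yaml hard-code the cron job's memory while `cpu` on the neighbouring lines still comes from `.Values.resources`, so the `resources.limits.memory` and `resources.requests.memory` values that the main.tf hunk of this commit sets to `512Mi` no longer reach this template. Anyone tuning memory through the Helm values will change the other consumers of those keys but not this job, and if the job is the one that runs vulnerability processing (as the commit title suggests) an OOM kill or an unschedulable 2Gi request would presumably leave vulnerability data stale with no visible config change. Keeping the figure overridable avoids that, for example `memory: {{ .Values.cronjobResources.limits.memory | default "2Gi" | quote }}` and the same for requests, where `cronjobResources` is a suggested key name and not one the chart is known to define. A one-line comment stating why this job needs more memory than the server would also help. The `spec:` block begins and ends outside the hunk.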
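Review bot: In deployment.yaml, `FLEET_VULNERABILITIES_DISABLE_SCHEDULE` with value `"true"` switches off a security-relevant function in the server and nothing next to it says what takes over. A comment above the entry, such as `# Vulnerability processing is run by the CronJob in templates/cronjobs.yaml, not by the server's own schedule`, would make that dependency explicit, assuming that is the intent of this commit. An unrecognised environment variable name is typically ignored without an error, which may be how the previous name went unnoticed, so the manual QA step should confirm after deploy that the cron job actually produced vulnerability results. The `env:` list continues outside the hunk.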